Date: Sun, 30 Dec 2007 14:26:11 +0100
From: Jeremie Le Hen <jeremie@le-hen.org>
To: Mike Silbersack <silby@silby.com>
Cc: Gunther Mayer <gunther.mayer@googlemail.com>, freebsd-security@freebsd.org
Subject: Re: ProPolice/SSP in 7.0
Message-ID: <20071230132611.GD10467@obiwan.tataz.chchile.org>
In-Reply-To: <20071228200428.J6052@odysseus.silby.com>
References: <477277FF.30504@googlemail.com> <86myrvhht9.fsf@ds4.des.no>
 <20071227195833.154b41ae@kan.dnsalias.net> <4774EB0F.90103@googlemail.com>
 <20071228200428.J6052@odysseus.silby.com>
Hi,
On Fri, Dec 28, 2007 at 08:20:20PM -0600, Mike Silbersack wrote:
> Since the subject came up, I just tried using it, and it's not giving me the
> results I expected. Take the following program:
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
>
> void overrun(void);
>
> int main(void)
> {
>         overrun();
> }
>
> void overrun(void)
> {
>         int x;
>         char a[4];
>         int y;
>
>         strcpy(a, "ABCDE");
>         printf("hi");
> }
>
> If I compile it like so:
> > cc -g -fstack-protector-all overrun.c
>
> The overrun is detected and the program is aborted.
> > ./a.out
> Abort (core dumped)
>
> But if I compile it like so:
> > cc -g -fstack-protector overrun.c
>
> The overrun is not caught.
> > ./a.out
> hi>
>
> Either I'm doing something wrong, or we have gcc misconfigured and it's not
> detecting that strcpy is a function which needs to be watched closely.
Actually, you did nothing wrong. Except maybe not wasting time to look
at GCC info page ;).
% `-fstack-protector'
% Emit extra code to check for buffer overflows, such as stack
% smashing attacks. This is done by adding a guard variable to
% functions with vulnerable objects. This includes functions that
% call alloca, and functions with buffers larger than 8 bytes. The
% guards are initialized when a function is entered and then checked
% when the function exits. If a guard check fails, an error message
% is printed and the program exits.
I believed it was possible to customize this threshold (I'm pretty sure
I've already seen such an option in some patch floating around the GCC
community) but a quick glance at the source shows it is not possible
actually.
Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
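
The two outcomes reported in the quoted test and the threshold from the quoted info page, as an added example that is not part of the original message: a byte-array model of one stack frame showing when a guard is emitted and when the exit check fires. This is not GCC's code; every name, the guard bytes, and the flat "buffer then guard" layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration: a byte-array model of one stack frame, not GCC's code.
 * Every name below is hypothetical. */
enum ssp_mode { SSP_NONE, SSP_DEFAULT, SSP_ALL }; /* no flag, -fstack-protector, -fstack-protector-all */
enum outcome { OUT_OF_MODEL = -1, NO_OVERFLOW, OVERFLOW_CAUGHT, OVERFLOW_MISSED };

#define SSP_THRESHOLD 8   /* "buffers larger than 8 bytes", as the quoted info page words it */
#define GUARD_LEN 8
#define FRAME_MAX 256

/* Constructed guard value; a real guard is chosen at program start. */
static const unsigned char GUARD[GUARD_LEN] = {0x5a, 0xc3, 0x17, 0x9e, 0x2b, 0x84, 0xf0, 0x6d};

/* Would a function with one char buffer of buf_len bytes get a guard? */
int has_guard(enum ssp_mode mode, size_t buf_len, int calls_alloca)
{
    if (mode == SSP_ALL) return 1;
    return mode == SSP_DEFAULT && (calls_alloca || buf_len > SSP_THRESHOLD);
}

/* Frame model: [ buffer | guard slot | ... ]. Copies src with its NUL the way
 * an unbounded strcpy would, then runs the exit check if a guard exists. */
enum outcome simulate(enum ssp_mode mode, size_t buf_len, const char *src)
{
    unsigned char frame[FRAME_MAX] = {0};
    size_t n = strlen(src) + 1;
    int guarded = has_guard(mode, buf_len, 0);
    if (buf_len + GUARD_LEN > FRAME_MAX || n > FRAME_MAX)
        return OUT_OF_MODEL;
    if (guarded)
        memcpy(frame + buf_len, GUARD, GUARD_LEN);  /* function entry */
    memcpy(frame, src, n);                          /* strcpy(a, src) */
    if (n <= buf_len)
        return NO_OVERFLOW;
    if (guarded && memcmp(frame + buf_len, GUARD, GUARD_LEN) != 0)
        return OVERFLOW_CAUGHT;                     /* exit check fails: abort */
    return OVERFLOW_MISSED;
}

int main(void)
{
    printf("-fstack-protector-all, a[4]:  %d\n", simulate(SSP_ALL, 4, "ABCDE"));
    printf("-fstack-protector,     a[4]:  %d\n", simulate(SSP_DEFAULT, 4, "ABCDE"));
    printf("-fstack-protector,     a[16]: %d\n", simulate(SSP_DEFAULT, 16, "ABCDEFGHIJKLMNOPQRST"));
    return 0;
}
```

The model ignores the other locals (`x`, `y`) and any variable reordering the compiler performs; it only captures the guard-placement decision and the entry/exit check.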
